Our guest network is tunneled from several local controllers using layer 2 GRE tunnels to a DMZ controller that also is used as a RAP controller. The guest network redirects traffic to the tunnel which leads to the DMZ controller. Recently we started getting a lot of complaints that contractors are not able to use VPN such as Cisco anynet, Juniper SA Junios pulse though a guest network. We configured a test laptop to a co workers home network that had a Juniper setup for VPN. We were able to make it work by plugging into the DMZ controller directly when we use any of the local controllers